Architecture
eValid web security analysis uses a powerful functional test engine
combined with a powerful page scanner to pinpoint vulnerabilities.
Built into a browser that can imitate any type of device, the
eValid engine provides full access to browsed pages,
including those which change dynamically during AJAX application
operation.
There is full DOM access (both input and output), a complete
execution environment with environment variables and parameterizable
scripts, plus combinatoric and random test input generation capability.

Application Scenarios
Here are some of the kinds of web security analysis scenarios
that are possible with eValid technology applied
to search for web application vulnerabilities
using cloud computing resources.
The common thread in each of these scenarios
is systematic automated programmatic use of a full-featured test enabled web browser that
is instrumented to drive a web application in any way a browser can,
and to fully and completely analyze every response, including AJAX interactions,
that arrive from the server stack supporting that web application.

Penetration Testing:
Combinatoric attack on login or other authentication step.

XSS Vulnerability Testing:
For randomly selected applications from a known list of
possible targets, analyze for existence of XSS vulnerability
by reading pages' DOM contents.